View in browser

Weekly newsletter n°15

offsec.tools

A vast collection of security tools for bug bounty, pentest and red teaming
offsec.tools is a vast listing of security tools designed to help pentesters and bug hunters in their daily task. The list is organized by tags and provide a quick search engine. The list is feeded by the author and the community. Anyone can add a tool and be listed as a contributor, feel free to check the GitHub repository.
Go to offsec.tools

Tools featured this week

mx-takeover
Focuses DNS MX records and detects misconfigured MX records.
Vajra
UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.
PortSwigger WebSecurity Academy
Free, online web security training from the creators of Burp Suite.
Freddy Deserialization Bug Finder
A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.
Shadow Workers
C2 and proxy designed to help in the exploitation of XSS and malicious Service Workers.
pyfiscan
Free web-application vulnerability and version scanner.
PyExfil
Set as many exfiltration, techniques that CAN be used to bypass various.
brutespray
Automatically attempts default creds on found services based on Nmap output.
XSSwagger
A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks.
socialhunter
Crawls the website and finds broken social media links that can be hijacked

Tools added last week

SysReptor
Easy and customisable pentest report creator based on simple web technologies.

LaZagne
Credentials recovery project.

cloudsploit
Cloud Security Posture Management (CSPM).

archerysec
Automate your application security orchestration and correlation (ASOC).

DNSExfiltrator
Data exfiltration over DNS request covert channel.

csrf-scanner
CSRF Scanner Extension for Burp Suite Pro.

additional-scanner-checks
Collection of scanner checks missing in Burp.

403-bypasser
A Burp Suite extension made to automate the process of bypassing 403 pages.

json-web-tokens
JSON Web Tokens Support for Burp Suite.

co2
A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool.

Seela
Boost the cybersecurity skills of your teams with the cyber knowledge library.

Want more to see more tools?

Go to offsec.tools

Sponsors